Eliminate redundant security registration in PythonExprs.

6bd639c7 · Evan Simpson · e0751ca5 · 6bd639c7 · 6bd639c7 · 6bd639c7
Commit 6bd639c7 authored May 24, 2001 by Evan Simpson
3 changed files
--- a/lib/python/Products/PageTemplates/PythonExpr.py
+++ b/lib/python/Products/PageTemplates/PythonExpr.py
@@ -86,7 +86,7 @@
 """Generic Python Expression Handler
 """

-__version__='$Revision: 1.1 $'[11:-2]
+__version__='$Revision: 1.2 $'[11:-2]

 from string import strip, split, join, replace, lstrip

@@ -130,6 +130,7 @@ class PythonExpr:
        return names

    def __call__(self, econtext):
+        __traceback_info__ = self.expr
        f = self._f
        f.func_globals.update(self._bind_used_names(econtext))        
        return f()

--- a/lib/python/Products/PageTemplates/ZPythonExpr.py
+++ b/lib/python/Products/PageTemplates/ZPythonExpr.py
@@ -89,7 +89,7 @@ Handler for Python expressions, using the pre-Python 2.1 restriction
 machinery from PythonScripts.
 """

-__version__='$Revision: 1.1 $'[11:-2]
+__version__='$Revision: 1.2 $'[11:-2]

 from AccessControl import getSecurityManager
 from Products.PythonScripts.Guarded import _marker, \
@@ -110,20 +110,6 @@ class PythonExpr(PythonExpr):
        self._f = UntupleFunction(blk.t, guards, __builtins__=safebin)
        self._get_used_names()

-    def __call__(self, econtext):
-        f = self._f
-        f.func_globals.update(self._bind_used_names(econtext))
-        
-        # Execute the function in a new security context.
-        template = econtext.contexts['template']
-        security = getSecurityManager()
-        security.addContext(template)
-        try:
-            __traceback_info__ = self.expr
-            return f()
-        finally:
-            security.removeContext(template)
-
 class _SecureModuleImporter:
    __allow_access_to_unprotected_subobjects__ = 1
    def __getitem__(self, module):

--- a/lib/python/Products/PageTemplates/ZRPythonExpr.py
+++ b/lib/python/Products/PageTemplates/ZRPythonExpr.py
@@ -88,7 +88,7 @@
 Handler for Python expressions that uses the RestrictedPython package.
 """

-__version__='$Revision: 1.1 $'[11:-2]
+__version__='$Revision: 1.2 $'[11:-2]

 from AccessControl import full_read_guard, full_write_guard, \
     safe_builtins, getSecurityManager
@@ -112,19 +112,11 @@ class PythonExpr(PythonExpr):
        self._code = code
        
    def __call__(self, econtext):
+        __traceback_info__ = self.expr
        code = self._code
        g = self._bind_used_names(econtext)
-        g.update(self._globals)
-        
-        # Execute the function in a new security context.
-        template = econtext.contexts['template']
-        security = getSecurityManager()
-        security.addContext(template)
-        try:
-            __traceback_info__ = self.expr
-            return eval(code, g, {})
-        finally:
-            security.removeContext(template)
+        g.update(self._globals)        
+        return eval(code, g, {})

 class _SecureModuleImporter:
    __allow_access_to_unprotected_subobjects__ = 1